# Transit Gateway

## Overview

* A network transit hub that you can use to connect your VPCs to on-premises networks.
* Simplifies networking by acting as a regional virtual router.
* Your data is encrypted automatically, and NEVER travels over the public internet.

<figure><img src="https://docs.aws.amazon.com/images/vpc/latest/tgw/images/transit-gateway-overview.png" alt=""><figcaption><p>1 transit gateway with 3 VPC attachments</p></figcaption></figure>

## Best practices

* Use a separate subnet for each transit gateway. For each subnet, use a small CIDR (/28).

## Trivia

* Transit gateway is a regional resource that resides *<mark style="background-color:yellow;">**outside**</mark>* the VPC.
* Routing through a transit gateway operates at Layer 3.

## Concepts

* [ASN](#concepts) (Autonomous System Number): the number used for the AWS side of a Border Gateway Protocol (BGP) session. You can use the default ASN, or you can specify a private ASN in the 64512-65534 or 4200000000-4294967294 ranges.
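
A pre-deployment check for the two concrete constraints in these notes (a separate /28 subnet per transit gateway, and an AWS-side ASN in the listed private ranges), added here as an example and not part of the original notes. The plan schema, resource names and CIDRs are constructed for illustration.

```python
import ipaddress

# Private ASN ranges listed on this page for the AWS side of the BGP session.
PRIVATE_ASN_RANGES = ((64512, 65534), (4200000000, 4294967294))

# Constructed sample plan; the schema and every name in it are hypothetical.
SAMPLE_PLAN = {
    "vpc_cidr": "10.0.0.0/16",
    "subnets": {
        "subnet-app": "10.0.1.0/24",
        "subnet-tgw-a": "10.0.255.0/28",
    },
    "workloads": {"web": "subnet-app"},
    "transit_gateways": [
        {"name": "tgw-good", "asn": 64512, "attachment_subnets": ["subnet-tgw-a"]},
        {"name": "tgw-bad", "asn": 65535,
         "attachment_subnets": ["subnet-app", "subnet-tgw-a"]},
    ],
}


def asn_is_private(asn):
    """True if asn falls in one of the private ranges above."""
    return any(lo <= asn <= hi for lo, hi in PRIVATE_ASN_RANGES)


def audit_plan(plan):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    vpc = ipaddress.ip_network(plan["vpc_cidr"])
    # Subnets already taken by workloads cannot double as attachment subnets.
    used_by = {sid: f"workload {name}" for name, sid in plan["workloads"].items()}
    for tgw in plan["transit_gateways"]:
        name = tgw["name"]
        if not asn_is_private(tgw["asn"]):
            findings.append(f"{name}: ASN {tgw['asn']} is outside the private ranges")
        for sid in tgw["attachment_subnets"]:
            net = ipaddress.ip_network(plan["subnets"][sid])
            if not net.subnet_of(vpc):
                findings.append(f"{name}: {sid} ({net}) is outside the VPC CIDR")
            if net.prefixlen != 28:
                findings.append(f"{name}: {sid} is /{net.prefixlen}, expected /28")
            if sid in used_by:
                findings.append(f"{name}: {sid} is shared with {used_by[sid]}")
            used_by.setdefault(sid, name)
    return findings


if __name__ == "__main__":
    for finding in audit_plan(SAMPLE_PLAN):
        print(finding)
```
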
